Managing incidents

  • Release version: Zurich
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Managing incidents

    Managing incidents involves diagnosing, investigating, recording results, and escalating or promoting incidents as needed. The initial diagnosis and investigation are primarily human-driven processes performed by service desk agents who interact with users and utilize available data to resolve issues efficiently.

    Show full answer Show less

    Key Features

    • Configuration Management Database (CMDB): Service desk agents can query the CMDB, which contains detailed information about hardware, software, and their interrelationships. This database supports incident diagnosis and investigation. The CMDB is typically populated using Discovery, a separate product.
    • Related Incidents Tools: To assist investigation, agents can access related records:
      • Related Incidents Icon: Appears next to the Caller field to show incidents from the same caller, configurable by administrators.
      • Incidents by Same Caller Related List: Displays incidents associated with the same user, requiring administrator configuration.
      • Dependency Views: Visual maps showing configuration items linked to the incident, with options to view related tasks for deeper analysis.
    • Incident Promotion: Agents can escalate incidents to problem or change management processes when the incident root cause is a known error or requires infrastructure changes. This is facilitated by menu options on the Incident form and includes linking incidents to problem or change records.
    • Request Creation from Incident: For resolutions involving hardware or software requests, agents can create service requests directly from the incident. This feature is available in instances from Jakarta release onward with the Problem Management Best Practice plugin activated.
    • Incident Escalation Methods:
      • Service Level Agreements (SLAs): SLAs monitor incident resolution progress against defined service commitments, escalating priorities and tracking performance over time.
      • Inactivity Monitor: Detects incidents that have not been updated within a specified timeframe and triggers notifications or scripts to prevent oversight.

    Practical Benefits

    By leveraging the CMDB and related incident tools, ServiceNow customers can improve incident diagnosis accuracy and speed. The ability to promote incidents to problem or change management ensures proper handling of systemic issues and infrastructure changes. Escalation mechanisms like SLAs and inactivity monitors help maintain service quality and responsiveness, reducing resolution times and enhancing customer satisfaction.

    Working on incidents involves diagnosing and investigating the incident, recording results, and sometimes escalating or promoting the incident.

    Initial diagnosis of incidents is largely a human process. The service desk agent looks at the details of the incident and communicates with the user to diagnose the issue.

    To aid in the diagnosis, the service desk agent can query the configuration management database, or CMDB. The CMDB contains information about hardware and software within a network and the relationships between them. The CMDB can be populated by: Discovery . Discovery is available as a separate product.

    Incident investigation

    Incident investigation is also a human process. The service desk continues to use the information in the Incident form as well as the CMDB to solve the issue. Work notes are added to the incident as the service desk evaluates the incident, facilitating communication between the concerned parties. Work notes and other updates can be communicated to the concerned parties through email notifications.

    One way to investigate incidents is to determine whether related records exist, using one of the following features.

    Related incidents icon
    The show related incidents icon (Show related incidents icon) appears beside the Caller field when it is populated. Click the icon to view the list of incidents for the same caller.
    Note:
    Administrators can add this icon to any reference field by modifying the dictionary entry and adding the ref_contributions=user_show_incidents dictionary attribute. The icon appears only for users who have read or write access to the field. A UI macro named user_show_incidents defines the behavior. The UI macro must be active to view the related incidents icon.
    Incidents by Same Caller related list
    Another way to research related incidents is to use the Incidents by Same Caller related list. The administrator may need to configure the form to display this related list.
    Dependency views
    Dependency views can help find related incidents based on configuration items (CI). If a configuration item is attached to an incident, click the map icon (Dependency view icon) to display the dependency views map. In the dependency map, if you want to view the tasks that are attached to the CI, click the down arrow next to the CI and from the menu, select View Related Tasks.
    Figure 1. CI options
    CI options menu

    Incident promotion

    When the incident management team has determined that the cause of an incident is an error or widespread problem, the team initiates the problem management process. When the issue requires a change to the infrastructure or a business service, the team initiates the change management process.

    A menu item on the Incident form lets you create a problem or change record easily and associate the incident with the problem or change record. For more information, refer Create a record from incident
    Note:
    If the incident already has an associated problem or change record, you cannot create another record of the same task type.
    Sometimes, the resolution for the user is to request hardware or software for them. For example, a user may report a problem that requires a new mouse device or keyboard. The service desk agent can create a request from the incident. The incident is associated with the requested item.
    Note:
    This feature is available only in new instances starting with Jakarta or a later release. The Problem Management Best Practice – Jakarta plugin (com.snc.best_practice.problem.jakarta) plugin must be activated.

    Incident escalation

    There are two escalation methods the platform uses to track and report on incidents that are not being resolved according to your organization standards.

    Service level agreements (SLAs)
    SLAs monitor the progress of an incident according to a set of agreements between a service provider and customer that define the scope, quality, and speed of the services being provided. As time passes, the SLA escalates the priority of the incident and leaves a marker as to its progress. SLAs are also used as a performance indicator for the service desk.
    Inactivity monitor
    The inactivity monitor generates an event to prevent incidents from going unnoticed. When a certain amount of time has passed without an update to the incident, the event creates an email notification or triggers a script.